Collector - August 2018 - 34

WHAT CAN YOU DO?
BE VIGILANT.
Don't wait to find out about a breach from law enforcement
or a customer. Log files and change management systems
can give you early warning of a security compromise.
MAKE PEOPLE YOUR FIRST LINE OF DEFENSE.
Do your employees understand how important cybersecurity is
to your brand and bottom line? Get them on board, and teach
them how to spot the signs of an attack and how to react.
ONLY KEEP DATA ON A NEED-TO-KNOW BASIS.
Do you know who can see your sensitive data and systems?
Limit access to the people who need it to do their jobs, and
have processes in place to revoke it when they change roles.
PATCH PROMPTLY.
Cybercriminals are still successfully exploiting known
vulnerabilities. You can guard against many threats simply
by keeping your anti-virus software up to date.
ENCRYPT SENSITIVE DATA.
No matter what you do, one day you'll likely be the victim
of a breach. But by encrypting your data, you can render
it useless if it is stolen.
USE TWO-FACTOR AUTHENTICATION.
Phishing campaigns are still hugely effective because
people make mistakes. Two-factor authentication can limit the
damage that can be done if credentials are lost or stolen.
DON'T FORGET PHYSICAL SECURITY.
Not all data theft happens online. Surveillance cameras and
entry systems for restricted areas, for example, can help prevent
criminals from tampering with systems or stealing sensitive
material.
Source: Verizon, 2018 Data Breach Investigations Report.
THE WEAK LINK
Data security, or the lack of it, can be
extremely expensive, according to Verizon's
2018 Data Breach Investigations Report.
And just as important, data breaches aren't
just a problem for security professionals.
The report noted: "The impact is felt across
the whole business - from your legal team,
embroiled in litigation, to your frontline
employees, who can't access the tools they
need to do their jobs. Everyone needs to play
their part in managing the risks."
The Verizon report, based on the analysis
of more than 53,000 real-world incidents,
revealed what you probably already
suspect: 76 percent of data breaches were
financially motivated and almost 73 percent
of cyberattacks occurred at the hands of
outsiders. This means that about 28 percent
of these breaches didn't involve unknown
hackers, but rather company insiders.
Before you start looking over your staff's
shoulders, remember that "malicious
employees looking to line their pockets
aren't the only insider threats you face,"
according to Verizon.
Oftentimes, the problem is the result
of innocent errors, totaling about 17
percent of the breaches in Verizon's study.
Missteps can include failing to shred
confidential information, sending an email
to the wrong person, losing a laptop or
misconfiguring web servers.
And this may be hard to believe, but 4
percent of people - your staff - will actually
click on a phishing campaign. Even the best
of us could make that mistake. (Remember
John Podesta and the hack that led to the
release of Hillary Clinton's emails?)
While none of these were deliberately ill-intentioned, they could all still prove costly.
In assessing the insider threat, global
advisory firm Willis Towers Watson
writes that most employers say they have
established and communicated effective
policies and processes to manage the
gamut of cybersecurity threats. And
most employees indicate that they
understand their company's policies
regarding data privacy and information
security in their jobs.
ACAINTERNATIONAL.ORG